~vpzom/lotide

a59c268fc40b99c88b6fa60b7cdac0fda85b8b43 — Colin Reeder 6 days ago 101c994 master
Introduce "dev mode", disallow non-HTTPS URLs if not enabled (#132)
6 files changed, 20 insertions(+), 16 deletions(-)

M src/apub_util/ingest.rs
M src/apub_util/mod.rs
M src/config.rs
M src/main.rs
M src/routes/api/mod.rs
M src/tasks.rs
M src/apub_util/ingest.rs => src/apub_util/ingest.rs +3 -6
@@ 165,9 165,7 @@ pub async fn ingest_object(
                            }
                        } else {
                            // don't need announces for local objects
                            let obj =
                                crate::apub_util::fetch_ap_object(object_id, &ctx.http_client)
                                    .await?;
                            let obj = crate::apub_util::fetch_ap_object(object_id, &ctx).await?;

                            ingest_object_boxed(
                                obj,


@@ 222,8 220,7 @@ pub async fn ingest_object(
                        }
                    } else {
                        // don't need announces for local objects
                        let obj =
                            crate::apub_util::fetch_ap_object(object_id, &ctx.http_client).await?;
                        let obj = crate::apub_util::fetch_ap_object(object_id, &ctx).await?;

                        ingest_object_boxed(
                            obj,


@@ 865,7 862,7 @@ pub async fn ingest_create(
            } {
                Verified(serde_json::from_value(serde_json::to_value(&req_obj)?)?)
            } else {
                crate::apub_util::fetch_ap_object(object_id, &ctx.http_client).await?
                crate::apub_util::fetch_ap_object(object_id, &ctx).await?
            };

            ingest_object_boxed(obj, FoundFrom::Other, ctx.clone()).await?;

M src/apub_util/mod.rs => src/apub_util/mod.rs +11 -6
@@ 322,13 322,18 @@ pub fn require_containment(object_id: &url::Url, actor_id: &url::Url) -> Result<

pub async fn fetch_ap_object_raw(
    ap_id: &url::Url,
    http_client: &crate::HttpClient,
    ctx: &crate::BaseContext,
) -> Result<serde_json::Value, crate::Error> {
    let mut current_id = hyper::Uri::try_from(ap_id.as_str())?;
    for _ in 0..3u8 {
        if current_id.scheme() != Some(&http::uri::Scheme::HTTPS) && !ctx.dev_mode {
            return Err(crate::Error::InternalStrStatic(
                "AP URLs must be HTTPS in non-dev mode",
            ));
        }
        // avoid infinite loop in malicious or broken cases
        let res = crate::res_to_error(
            http_client
            ctx.http_client
                .request(
                    hyper::Request::get(&current_id)
                        .header(hyper::header::ACCEPT, ACTIVITY_TYPE)


@@ 361,9 366,9 @@ pub async fn fetch_ap_object_raw(

pub async fn fetch_ap_object(
    ap_id: &url::Url,
    http_client: &crate::HttpClient,
    ctx: &crate::BaseContext,
) -> Result<Verified<KnownObject>, crate::Error> {
    let value = fetch_ap_object_raw(ap_id, http_client).await?;
    let value = fetch_ap_object_raw(ap_id, ctx).await?;
    let value: KnownObject = serde_json::from_value(value)?;
    Ok(Verified(value))
}


@@ 373,7 378,7 @@ pub async fn fetch_and_ingest(
    found_from: ingest::FoundFrom,
    ctx: Arc<crate::BaseContext>,
) -> Result<Option<ingest::IngestResult>, crate::Error> {
    let obj = fetch_ap_object(req_ap_id, &ctx.http_client).await?;
    let obj = fetch_ap_object(req_ap_id, &ctx).await?;
    ingest::ingest_object_boxed(obj, found_from, ctx).await
}



@@ 1985,7 1990,7 @@ pub async fn verify_incoming_object(
                "Missing id in received activity",
            ))?;

            let res_body = fetch_ap_object(&ap_id, &ctx.http_client).await?;
            let res_body = fetch_ap_object(&ap_id, &ctx).await?;

            Ok(res_body)
        }

M src/config.rs => src/config.rs +2 -1
@@ 16,9 16,10 @@ pub struct Config {

    #[serde(default)]
    pub apub_proxy_rewrites: bool,

    #[serde(default)]
    pub allow_forwarded: bool,
    #[serde(default)]
    pub dev_mode: bool,

    pub media_storage: Option<String>,
    pub media_location: Option<String>,

M src/main.rs => src/main.rs +2 -0
@@ 161,6 161,7 @@ pub struct BaseContext {
    pub vapid_public_key_base64: String,
    pub vapid_signature_builder: web_push::PartialVapidSignatureBuilder,
    pub break_stuff: bool,
    pub dev_mode: bool,

    pub local_hostname: String,



@@ 1284,6 1285,7 @@ async fn run(config: Config) -> Result<(), Box<dyn std::error::Error>> {
            .expect("Couldn't find host in HOST_URL_ACTIVITYPUB"),

        break_stuff: config.break_stuff,
        dev_mode: config.dev_mode,
        db_pool,
        mailer,
        mail_from,

M src/routes/api/mod.rs => src/routes/api/mod.rs +1 -1
@@ 842,7 842,7 @@ async fn route_unstable_objects_lookup(

    let res = match &uri {
        Some(uri) => {
            let obj = crate::apub_util::fetch_ap_object(uri, &ctx.http_client).await?;
            let obj = crate::apub_util::fetch_ap_object(uri, &ctx).await?;

            crate::apub_util::ingest::ingest_object(
                obj,

M src/tasks.rs => src/tasks.rs +1 -2
@@ 151,8 151,7 @@ impl TaskDef for FetchCommunityFeatured {
    async fn perform(self, ctx: Arc<crate::BaseContext>) -> Result<(), crate::Error> {
        use activitystreams::prelude::*;

        let obj =
            crate::apub_util::fetch_ap_object_raw(&self.featured_url, &ctx.http_client).await?;
        let obj = crate::apub_util::fetch_ap_object_raw(&self.featured_url, &ctx).await?;
        let obj: crate::apub_util::AnyCollection = serde_json::from_value(obj)?;

        let items = match &obj {